Wednesday, July 1, 2015

SharePoint 2010 User Active Directory Permissions not updating

When
you are using Active Directory groups and add those groups into SharePoint
groups, you will run into issues while modifying the members of the Active
Directory group. It takes 24 hours (by default) to reflect this change to
SharePoint.This behavior is controlled by a property called Token-timeout.By
default, this value is set to 1440
minutes (24 hours) .

SharePoint fetches user token information from the
SharePoint database. If the user has never visited the site or if the user’s
token was generated more than 24 hours previously, SharePoint generates a new
user token by trying to refresh the list of groups that the user belongs to.(MSDN
Reference)

To check which values you currently have, try running the below:

stsadm –o getproperty –propertyname token-timeout

If
you want to minimize this token time out value (time it takes to refresh the
token), follow the below instructions.

To
set a valid time to 2000 minutes, use the following syntax:

stsadm -o setproperty -pn token-timeout -pv 2000

Note: You can substitute -pn for -propertyname and -pv for
-propertyvalue.

Name

Value

propertyname

Gets or sets the name
of the property.

propertyvalue

A valid time interval,
in minutes. The default setting is 1440 minutes.